Passionate about Linux hardening, compliance, security management and new technologies.

Security Audits – How to Prioritize Audit Findings

Technical audits or vulnerability scans will reveal a lot of findings. They can be overwhelming, leaving the reviewer frozen and not knowing where to start. To overcome this issue, we should prioritize the findings and determine the consequences of each finding for our company. While an open directory listing on a web server might not be preferred in one situation, it would make sense in others. It is the context which […]


Do NOT use Linux hardening checklists for your servers

Quality is an interesting word. It describes, well, the quality of something. Quality is just another word for how well you can repeat something. The goal is to get exactly the same result each time. Whether it’s a physical product or rolling out a new Linux system, you want great quality. One method to increase quality is using checklists. However, we strongly advise against using Linux hardening checklists. But checklists are […]


How to audit AIX Unix systems with Lynis

Each system is as strong as its weakest link. This rule also applies to systems running on AIX. Therefore a regular audit can help find the weakest links. The next step is then fortifying these weakened areas and implementing system hardening measures. What to audit? There is a lot to look for when auditing a system running AIX. Let’s have a look at the most important areas. File systems Monitor alterations […]


How to deal with Lynis suggestions?

After finishing an audit with Lynis, the screen is usually filled with a lot of suggestions. Most users don’t know where to start with hardening and how to deal with these Lynis suggestions in particular. We provide you with some tips! Before we start, we strongly suggest using the latest version of Lynis. If you are using an outdated version from the software repositories, the output could be slightly different. The latest version can […]


Linux Security for DevOps

During the last years the role of DevOps evolved. This person could be described as a hybrid: a system administrator with development skills, or a developer who is also infrastructure savvy. With Linux and so much tooling available, it is becoming easier for people to learn both development and managing infrastructure. We are especially interested in Linux security for DevOps and what they can apply. Automation is key Repeating work is not only boring, but also […]


Are security hardening guides still useful?

This was the big question we asked ourselves recently, when reading a few of them. With Linux and other Unix systems being decently hardened by default, would it still make sense to invest a lot of time to harden your system? Hardening guides Years ago both Windows and Linux were easy targets. A lot of system software was installed by default and these services were often targeted by malicious people and scripts. Then hardening […]


Intrusion detection: Linux rootkits

Rootkits Rootkits are components installed on a server by a person with malicious intent. The main goal is to hide their presence and avoid the eye of the system administrator. Rootkits usually consist of a set of tools to manipulate the Linux kernel, alter output to the screen, or prevent some software from doing its tasks. Nowadays rootkits are less popular than they were before. One of the reasons is the increased security in the Linux kernel, […]


Plus sign in ls output

Ever wondered what the plus (+) sign is when showing a directory listing? It is part of a POSIX standard to support access control lists (ACL) on files. Normal files on a file system will have only 10 characters displayed, with the last 9 used for file permissions. However, when file access control lists are used, an 11th character shows up. This plus sign indicates the usage of a file ACL. root@earth:~/facls# ls -l total […]
